3 more companies hacked! How secure is your online information?

By IBT Staff Reporter On 12/14/10 AT 11:35 AM

A man carries his food as he leaves a McDonald's restaurant in Arlington, Virginia, July 23, 2009. Photo: REUTERS

In a sign that cyber security needs rapid quality improvements, two more U.S. companies, McDonald's Corp and Walgreen Co, said they had been hacked in the past week, along with U.S. media company, Gawker.

After reports of Mastercard and Visa being hacked last week by a pro-Wikileaks group, which called itself 'Anonymous,' McDonald's said its system had been breached and customers' email and other contact information, birthdates and other specifics had been compromised on Monday.

Much of this information was supposedly provided by a customer when they were signing up for online promotions or subscriptions.

The fast food company did not specify how many accounts had been compromised.

On Friday, Walgreens said hackers had gained access to its customers' email database and spammed these accounts with instructions to enter personal information on other websites.

Though the recent bouts of hacking are unrelated to the Mastercard, Visa and Paypal breaches, these new hackings seem to be forming a chain reaction through information gained from a previous breach.

Twitter said hackers broke into an unspecified number of users' accounts and sent spam promoting acai berry drink, according to an AP report.

The passwords used to gain access to these accounts were apparently taken from the breach on Sunday at Gawker Media, the parent company of Gawker, Gizmodo and Jezebel.

McDonald's and Walgreens stated that no personal information, data related to finances or social security numbers had been compromised.

While this is a relief, it is unsettling that most companies are still scrambling to figure out how their security systems were breached.

Many security experts are proving various commentaries about how to make your accounts more secure - including using complicated passwords with a combination of alphabets and numerals, or changing the passwords at regular intervals.

McDonald's stated that it is working with its business partner, Arc Worldwide, an email database management firm whose system was breached, to figure out the breach.

Anonymous, the group responsible for bringing down a part of Mastercard and Visa's website, used a simple software to flood these websites. Initially, supporters had to download a particular software to launch the attack.

But the group soon created an online page that would turn one's browser into an attack tool.

The webpage would repeatedly and rapidly ask the target's webserver for a given file, maybe a large image, once a user pressed the attack button, Wired.com repeated.

The tool's author is unknown and a quick perusal of the JavaScript shows that it is a fairly basic bit of programming, the website reported.

Most companies initially ignore the warning signs of a possible breach.

About 63 percent of organizations reported experiencing at least one security incident or breach during the last 12 months, according to the Global Information Security Trends study by the Computing Technology Industry Association, a nonprofit trade group, the LATimes reported.

For instance, Gawker has only itself to blame for the attack, according to some media reports.

The online blog, known for bringing gossip nuggets about celebrities, had apparently seen some 'suspicious' activity during November but 'did nothing'.

Emails and passwords from the hacking over the weekend were posted on PirateBay by Gnosis, a group that claimed responsibility for the attack.

We went after Gawker because of their outright arrogance. It took us a few hours to find a way to dump all their source code and a bit longer to find a way into their database, the group told the website Medialite.